safe-store.5 - safe - password protected secret keeper
git clone git://git.z3bra.org/safe.git
---
.Dd 2020-05-28
.Dt SAFE-STORE 5
.Os POSIX.1-2017

.Sh NAME
.Nm safe-store
.Nd Encrypted file storage for your secrets.

.Sh DESCRIPTION
The
.Nm
is a directory containing encrypted files called
.Em secrets .
There can be any number of sub-directories in the
.Nm ,
in which case the secret shall be referred to by its path relative to the
.Nm .
.Bd -literal
$ find .secrets -type f
.secrets/master
.secrets/name
.secrets/subdir/name
.secrets/subdir/othername
.Ed

.Sh FILES
.Bl -tag -width "/etc/mail/smtpd.confXXX" -compact
.It Pa .secrets
Default
.Nm
path
.It Pa .secrets/cipher
An arbitrary secret named "cipher"
.It Pa .secrets/master
A special secret used as a reference for deriving a key from the
master password
.El
.Pp
.Pa secrets
are the concatenation of a 40-byte
.Xr cream 5
header and arbitrary data encrypted using the
.Em XChaCha20-Poly1305
algorithm.
.Pp
The key used for encryption is derived from the parameters in the header
and a master password. Every secret is encrypted with the same key.
.Pp
.Pa master
is a special secret containing the master password.
It is used to check the master password, and as a reference for key
derivation.
Its content is however never checked, and could be
anything, as long as it can be decrypted properly.

.Sh SECURITY CONSIDERATIONS
The master secret is used to verify that the key derived from your
master password is correct. If it is absent, no secret can be
decrypted, and the
.Xr safe 1
utility will generate a new header and master entry. It means that all
secrets created with a different salt will not be decrypted properly.
.Pp
To recover from a lost master secret, you can do the following (assuming that
.Em random_entry
is an existing secret):
.Bd -literal
cd "$SAFE_DIR"
cp random_entry master
echo "your master password" | safe -a master.new
mv master.new master
chmod 400 master
safe master
.Ed

.Sh SEE ALSO
.Xr safe 1 ,
.Xr safe-agent 1 ,
.Xr cream 5

.Sh AUTHORS
.An Willy Goiffon Aq Mt dev@z3bra.org
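
The layout described in this manual page can be checked before safe(1) is run against a store, so that a missing master secret or a truncated file is noticed first. The script below is an added example, not part of safe or of the original page: the function name safe_store_audit and its output format are assumptions, while the 40-byte header size and the role of master come from the text above.

```shell
#!/bin/sh
# Added example (not part of safe): sanity-check a safe-store directory.
HEADER_BYTES=40   # cream(5) header size stated in safe-store(5)

# safe_store_audit STORE   (hypothetical helper name)
# Prints "ok <name>" or "BAD <name>: <reason>" for each finding.
# Returns 0 if master exists and every file can hold a header,
# 1 if a check failed, 2 if STORE is not a directory.
# File names containing newlines are not supported.
safe_store_audit() {
    store=$1
    rc=0
    if [ ! -d "$store" ]; then
        echo "BAD $store: not a directory"
        return 2
    fi
    # Without master no secret can be decrypted, and safe(1) would
    # generate a new header and master entry.
    if [ ! -f "$store/master" ]; then
        echo "BAD master: missing"
        rc=1
    fi
    # Secrets are referred to by their path relative to the store.
    list=$(cd "$store" && find . -type f | sed 's|^\./||' | sort)
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        size=$(( $(wc -c < "$store/$name") ))
        if [ "$size" -lt "$HEADER_BYTES" ]; then
            echo "BAD $name: $size bytes, shorter than the header"
            rc=1
        else
            echo "ok $name"
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Run as: sh audit.sh "$SAFE_DIR"
if [ $# -gt 0 ]; then
    safe_store_audit "$1"
fi
```

A passing audit only shows that the files have a plausible shape; whether a secret decrypts still depends on the master password and on the salt in its header.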